I come from the *nix world, so apologies if this is a trivial question. I did my best to find a solution by searching the archives, to no avail.

I'm setting up a fileserver for very small office, total 4 people. The computer will mainly serve as a subversion repo, in addition to serving shared folders.

There are 4 people in the office, say A,B,C and D. A also administers the machine.

So in the Win7 system, we created 5 accounts, A,B,C,D and an admin account, which will be used by user A.

Now, what we want to do is, restrict a certain directory to be only readable/writable by user A, restrict another directory to be only accessed by users B and C, and restrict another one to be only accessed by D. Access here means, full read/write/modify privileges. Other users should not be able to read the directories and contents.

All these users are classified by Windows as belonging to 'Users' group, and also, 'Authenticated Users' group. So when we 'deny' access to a folder to USERS group, so we can then create another group to grant permissions, since the DENY on the USERS group has precedence, no user can access that folder.

1 Answer
1

With a setup this simple, just remove all ACEs from each folder, then add just the users you want to access the folder, set them to Full Control. It's that easy. Do not use Deny, it's the path to the dark side for the uninitiated. Don't use the Users or Authenticated Users groups; groups are powerful and necessary in larger setups, but for just 4 users I wouldn't bother.

Sorry the message got cut off. When I try to remove all the ACEs, I get the following message. For example, this is for Auth. Users: You can't remove authenticaed users because this object is inheriting permissions from its parent. To remove authenticated users, you must prevent this object from inheriting permissions. Turn off the option for inheriting permissions, and then try removing authenticated users again.
– user60233Nov 14 '10 at 20:12

Ok looks like inheriting can be turned off by Security->Advanced->Change Permissions-> uncheck the box that says include inheritable permissions from this objects parent.
– user60233Nov 14 '10 at 20:15

Yep, you found it. When it asks you can remove all inherited permissions to skip a step manually removing them.
– Chris SNov 14 '10 at 20:26

One mentionable point is that best practice is to never assign permissions to users but groups. So you would create group "user a stuff" and add 'user a' to that group. You would then use the group to assign permissions to the directories. Now with a 4 user system it's obviously not that big a deal. As you scale up is when the problesm occur
– Jim BNov 14 '10 at 20:55